Cyber security executive addresses Interop in LV

Kevin Mandia, chief executive officer of FireEye, speaks at the Interop technology conference at MGM Grand on May 17, 2017.

Concerns about cyber security, always humming in the background, escalate when attacks such as this week’s WannaCry make headlines worldwide.

Kevin Mandia has been in the cyber security business since 1993, when he started as a U.S. Air Force officer at the Pentagon. Now chief executive officer of security firm FireEye, Mandia deals with companies calling on a daily basis when they are victims of a cyber attack.

Speaking in Las Vegas at the Interop ITX conference on Wednesday, Mandia said that FireEye has tackled more than 500 breaches in the last year. The California-based company is investigating more than two dozen breaches at this time.

“Every hour on the hour, our more than 300 consultants find malware backdoors that are not detected by any of the technology in place,” he said. “There are no risks and repercussions to hacking companies.”

Several nations don’t go after hackers, making them more attractive targets for attacks.

“Russia is a safe harbor for offensive operations,” he said. “China, North Korea and Iran are safe harbors, and others are emerging now. People can hack with impunity, and there is anonymity on the internet. These attacks are just going to happen all the time.”

A hacker group aligned with Vietnamese government interests has increasingly carried out cyber attacks on companies, journalists and overseas governments over the past few years, according to a report this week from FireEye.

The two most common attacks found in the United States are drive-by hacks and targeted attacks.

• Drive-by hacks: Users are affected by visiting malicious websites set up by hackers or visiting a legitimate website that has been compromised by a hacker.

• Targeted attacks: Hackers set out to harm a specific company or entity, usually via email.

A method often used in targeted attacks is spear phishing. A spear phish is usually in the form of a Word document or a PDF file attached to an email. Users unknowingly compromise the security of a computer when they click to open the attachment. Those fraudulent emails are usually disguised as coming from within the company or from associates.

“Around 90 percent of the cases we respond to, when we find victim zero, it is a spear phish that led the intrusion,” Mandia said.

Using the same signature is essential when emailing, so respondents know it’s actually you, he said. They should notice when something is different or suspect.

WannaCry attacked several countries via email, including the U.S. The United Health System in the United Kingdom was one of the hardest-hit entities.

The attack used ransomware, a hacking attack that locks users out of their computer system until they pay a ransom to unlock their account.

Most ransoms are fairly cheap, running under a few hundred dollars, a strategy aimed at those who’d rather pay the small fee to get their system up and running than pay for an expert.

WannaCry perpetrators asked for bitcoins for payment because they are a nearly untraceable currency.

Attacks such as WannaCry are attractive to cyber criminals because of the internet’s anonymity, Mandia said. The prevalence of those who know how to pull off attacks, collect money and not get caught sparks a debate about whether anonymity on the internet is a good thing, he said.

“Privacy folks say anonymity is a great thing because it’s an aspect of privacy that we have to maintain,” Mandia said. “Then you’ll have a whole camp that says with anonymity on the internet, how do you do proportional response? How do you actually have the necessary repercussions for the folks who did it?”
